139.59.141.137

Basic Info

City: Frankfurt am Main

Region: Hesse

Country: Germany

Internet Service Provider: Digital Ocean Inc.

Hostname: unknown

Organization: DigitalOcean, LLC

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	2019-09-02 20:57:48,287 fail2ban.actions [804]: NOTICE [sshd] Ban 139.59.141.137 2019-09-03 00:03:17,260 fail2ban.actions [804]: NOTICE [sshd] Ban 139.59.141.137 2019-09-03 03:08:21,671 fail2ban.actions [804]: NOTICE [sshd] Ban 139.59.141.137 ...	2019-10-03 16:23:32
attackbots	2019-09-02 20:57:48,287 fail2ban.actions [804]: NOTICE [sshd] Ban 139.59.141.137 2019-09-03 00:03:17,260 fail2ban.actions [804]: NOTICE [sshd] Ban 139.59.141.137 2019-09-03 03:08:21,671 fail2ban.actions [804]: NOTICE [sshd] Ban 139.59.141.137 ...	2019-09-13 13:22:27
attack	Sep 3 21:05:48 eddieflores sshd\[10556\]: Invalid user karleigh from 139.59.141.137 Sep 3 21:05:48 eddieflores sshd\[10556\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.141.137 Sep 3 21:05:50 eddieflores sshd\[10556\]: Failed password for invalid user karleigh from 139.59.141.137 port 45100 ssh2 Sep 3 21:10:21 eddieflores sshd\[11127\]: Invalid user flume from 139.59.141.137 Sep 3 21:10:21 eddieflores sshd\[11127\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.141.137	2019-09-04 15:20:12
attackbotsspam	fraudulent SSH attempt	2019-08-31 04:06:33
attack	Aug 29 04:46:30 DAAP sshd[5484]: Invalid user claudio from 139.59.141.137 port 42158 ...	2019-08-29 15:32:21
attack	Aug 16 07:20:27 tdfoods sshd\[24232\]: Invalid user farmacia from 139.59.141.137 Aug 16 07:20:27 tdfoods sshd\[24232\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.141.137 Aug 16 07:20:29 tdfoods sshd\[24232\]: Failed password for invalid user farmacia from 139.59.141.137 port 54380 ssh2 Aug 16 07:24:52 tdfoods sshd\[24662\]: Invalid user 123 from 139.59.141.137 Aug 16 07:24:52 tdfoods sshd\[24662\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.141.137	2019-08-17 01:35:02
attackspam	Automatic report - Banned IP Access	2019-08-11 05:33:59
attack	Jul 23 21:22:23 MK-Soft-VM7 sshd\[11565\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.141.137 user=root Jul 23 21:22:25 MK-Soft-VM7 sshd\[11565\]: Failed password for root from 139.59.141.137 port 52794 ssh2 Jul 23 21:27:50 MK-Soft-VM7 sshd\[11608\]: Invalid user sistemas from 139.59.141.137 port 48366 Jul 23 21:27:50 MK-Soft-VM7 sshd\[11608\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.141.137 ...	2019-07-24 06:04:13

Comments on same subnet:

IP	Type	Details	Datetime
139.59.141.196	attack	139.59.141.196 - - [11/Oct/2020:16:45:30 +0100] "POST /wp-login.php HTTP/1.1" 200 2520 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [11/Oct/2020:16:45:31 +0100] "POST /wp-login.php HTTP/1.1" 200 2478 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [11/Oct/2020:16:45:32 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-12 00:48:43
139.59.141.196	attack	139.59.141.196 - - [10/Oct/2020:22:54:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2398 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [10/Oct/2020:22:54:39 +0100] "POST /wp-login.php HTTP/1.1" 200 2375 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [10/Oct/2020:22:54:39 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-11 16:44:14
139.59.141.196	attackspambots	139.59.141.196 - - [10/Oct/2020:22:54:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2398 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [10/Oct/2020:22:54:39 +0100] "POST /wp-login.php HTTP/1.1" 200 2375 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [10/Oct/2020:22:54:39 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-11 10:04:07
139.59.141.196	attackspam	139.59.141.196 - - [28/Sep/2020:21:42:48 +0100] "POST /wp-login.php HTTP/1.1" 200 2340 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [28/Sep/2020:21:42:48 +0100] "POST /wp-login.php HTTP/1.1" 200 2319 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [28/Sep/2020:21:42:49 +0100] "POST /wp-login.php HTTP/1.1" 200 2324 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-29 05:30:47
139.59.141.196	attackspambots	139.59.141.196 - - [28/Sep/2020:13:25:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2862 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [28/Sep/2020:13:25:39 +0100] "POST /wp-login.php HTTP/1.1" 200 2831 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [28/Sep/2020:13:25:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2866 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-28 21:51:17
139.59.141.196	attack	WordPress wp-login brute force :: 139.59.141.196 0.116 - [28/Sep/2020:05:49:23 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 2414 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2020-09-28 13:58:01
139.59.141.196	attackbots	139.59.141.196 - - [13/Sep/2020:19:05:10 +0000] "POST /wp-login.php HTTP/1.1" 200 2077 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 139.59.141.196 - - [13/Sep/2020:19:05:11 +0000] "POST /wp-login.php HTTP/1.1" 200 2055 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 139.59.141.196 - - [13/Sep/2020:19:05:13 +0000] "POST /wp-login.php HTTP/1.1" 200 2052 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 139.59.141.196 - - [13/Sep/2020:19:05:15 +0000] "POST /wp-login.php HTTP/1.1" 200 2052 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 139.59.141.196 - - [13/Sep/2020:19:05:16 +0000] "POST /xmlrpc.php HTTP/1.1" 200 236 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-"	2020-09-14 03:29:50
139.59.141.196	attack	Automatic report generated by Wazuh	2020-09-13 19:29:40
139.59.141.196	attackbots	139.59.141.196 - - [27/Aug/2020:05:38:48 +0200] "GET /wp-login.php HTTP/1.1" 200 9040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [27/Aug/2020:05:38:50 +0200] "POST /wp-login.php HTTP/1.1" 200 9291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [27/Aug/2020:05:38:51 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-27 20:52:21
139.59.141.196	attackspambots	139.59.141.196 - - [23/Aug/2020:05:55:43 +0200] "GET /wp-login.php HTTP/1.1" 200 8775 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [23/Aug/2020:05:55:44 +0200] "POST /wp-login.php HTTP/1.1" 200 9026 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [23/Aug/2020:05:55:45 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-23 12:11:51
139.59.141.196	attackbots	CMS (WordPress or Joomla) login attempt.	2020-08-20 13:14:37
139.59.141.196	attackbots	139.59.141.196 - - [01/Aug/2020:12:37:12 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [01/Aug/2020:12:37:13 +0200] "POST /wp-login.php HTTP/1.1" 200 1819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [01/Aug/2020:12:37:13 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [01/Aug/2020:12:37:14 +0200] "POST /wp-login.php HTTP/1.1" 200 1816 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [01/Aug/2020:12:37:14 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - [01/Aug/2020:12:37:14 +0200] "POST /wp-login.php HTTP/1.1" 200 1818 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/201001 ...	2020-08-01 19:47:41
139.59.141.196	attack	CMS (WordPress or Joomla) login attempt.	2020-07-14 12:59:01
139.59.141.196	attackbots	139.59.141.196 - - \[06/Jul/2020:16:56:09 +0200\] "POST /wp-login.php HTTP/1.0" 200 4128 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - \[06/Jul/2020:16:56:10 +0200\] "POST /wp-login.php HTTP/1.0" 200 3955 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 139.59.141.196 - - \[06/Jul/2020:16:56:10 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-07-06 23:03:42
139.59.141.196	attack	xmlrpc attack	2020-06-24 12:28:21

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.59.141.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50911
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.59.141.137.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019033100 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Sun Mar 31 19:58:05 +08 2019
;; MSG SIZE  rcvd: 118

Host info

137.141.59.139.in-addr.arpa domain name pointer prospectos-ubuntu-16.04.

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
137.141.59.139.in-addr.arpa	name = prospectos-ubuntu-16.04.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
189.174.74.4	attack	Trying to (more than 3 packets) bruteforce (not open) Samba/Microsoft-DS port 445	2019-06-30 07:31:48
108.62.202.210	attackbots	Scanning (more than 2 packets) random ports - tries to find possible vulnerable services	2019-06-30 07:13:34
204.61.221.126	attackbots	Trying to (more than 3 packets) bruteforce (not open) Samba/Microsoft-DS port 445	2019-06-30 07:12:52
92.252.166.85	attackspambots	Trying to (more than 3 packets) bruteforce (not open) Samba/Microsoft-DS port 445	2019-06-30 07:39:05
125.64.94.211	attackbotsspam	firewall-block, port(s): 1400/tcp	2019-06-30 07:07:00
101.99.6.122	attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-06-29 18:49:09,854 INFO [shellcode_manager] (101.99.6.122) no match, writing hexdump (45f5ef579da1aec0efd29e07011afce4 :1851432) - SMB (Unknown)	2019-06-30 07:38:32
107.170.203.244	attackbots	2376/tcp 5351/udp 2086/tcp... [2019-05-01/06-29]60pkt,43pt.(tcp),5pt.(udp)	2019-06-30 07:14:02
103.115.195.42	attackspambots	Trying to (more than 3 packets) bruteforce (not open) Samba/Microsoft-DS port 445	2019-06-30 07:37:22
92.119.160.151	attack	Multiport scan : 7 ports scanned 15000 16000 20000 21000 22000 25000 28000	2019-06-30 07:14:47
191.53.252.88	attackbotsspam	SMTP-sasl brute force ...	2019-06-30 06:55:46
181.143.153.74	attackbotsspam	Port scan: Attack repeated for 24 hours	2019-06-30 07:03:46
103.87.31.205	attackbotsspam	Trying to (more than 3 packets) bruteforce (not open) Samba/Microsoft-DS port 445	2019-06-30 07:37:52
80.82.77.139	attackspam	29.06.2019 23:09:24 Connection to port 2086 blocked by firewall	2019-06-30 07:22:02
189.209.115.184	attack	Trying to (more than 3 packets) bruteforce (not open) Samba/Microsoft-DS port 445	2019-06-30 07:31:28
122.175.55.196	attackbots	Jun 29 14:30:43 aat-srv002 sshd[11512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.175.55.196 Jun 29 14:30:45 aat-srv002 sshd[11512]: Failed password for invalid user fin from 122.175.55.196 port 33261 ssh2 Jun 29 14:32:26 aat-srv002 sshd[11532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.175.55.196 Jun 29 14:32:28 aat-srv002 sshd[11532]: Failed password for invalid user anders from 122.175.55.196 port 40151 ssh2 ...	2019-06-30 06:56:17

Recently Reported IPs

193.201.224.220	123.207.168.222	122.199.81.99	118.24.41.104
87.251.81.86	87.118.88.210	54.169.199.83	50.250.231.41
46.105.36.238	5.251.129.78	179.184.11.118	118.24.103.82
185.176.27.6	118.24.125.155	116.7.52.24	107.20.202.172
106.13.65.219	69.181.163.123	67.205.153.16	54.36.162.74